Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I won't begin to describe all my symptoms (unless you ask). Yikes. Here is my HijackThis file, and I also have Adwatch and Adaware logs available if you'd like them.
Thank you very, very much for any help you are able to offer. I've done a variety of scans and fixes, but cleary still need a specialist.

If you didn't install MyWebSearch intentionally, then go to add/remove programs and see if you have the option to uninstall it.

I have also included it in my fix.. however you can ignore those entries if you wish, they are optional.

Please move HijackThis into a permanent folder. It is important that you run HijackThis.exe in its own folder so the backup files that HijackThis file will create will not be accidentally deleted on reboot.

Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there

Run hijackthis and click the scan button, when it has finished scanning then put a tick against the following, close all other browsers and windows and click 'fix checked'

Then boot back to normal mode and download FindQoologic-Narrator.zip save it to your Desktop. click here

Extract (unzip) the files inside into their own folder called FindQoologic.
Open the FindQoologic folder.
Locate and double-click the Find-Qoologic.bat file to run it.
wait until a text opens, post it in a reply to your thread along with a fresh hijack log please.

Nellie2 - thanks for writing back. I will summarize my progess (such as it is) under the headings "The Good, The Bad, and The Ugly".
The Good: I was able to follow the first part of your instructions to the letter. This included uninstalling MyWebSearch (I'd never installed it intentionally; at some point a couple of weeks ago an extra toolbar with that name had suddenly appeared in Internet Explorer) and I also ran hijackthis and "fix checked" as instructed. Spirits were temporarily buoyed until I found . . .
The Bad: when I rebooted in safemode, I was only able to find and delete the 2nd and 3rd items you listed for deletion. Of the remaining, I could not find all but one (yes, I did go in and enable hidden files and folders) and the one I *could* find (kwkqvg.exe) I was denied access to delete it. Decided to go ahead and boot back into normal mode (uh, not really normal in my case, but you know what I mean) and moved on to . . .
The Ugly: first, upon running FindQoologic-Narrator.zip I got an error message "Can not find script C:\Document~1\Wally\Locals~1\Temp\Activesetup.vbs" though it did run in some fashion, see log below. Also, lots of other weirdnesses still going on like not being able to open Word, Norton Internet Security icon gone, etc. Finally, I searched again for the nasty .exe files, found the aforementioned one, deleted it, emptied in from the trash can, and a couple of minutes later found a *new copy* of it back in Windows/System32. Whoa. Either I'm going nuts or the computer is.
Anyway, I want to keep trying - I hope this doesn't get too discouraging for you - thanks again - Wally

FQ report:

LEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Files found in System Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»

Ok well one of the reasons why some stuff came back is probably because you are running Ad-Watch. It is a good program but it will resist us making changes to your system. Can you uninstall it for now, we can put it back once we have you sorted out.

Run killbox and paste each of these lines into the box, select delete on reboot then press the red X button, when it says reboot now, say no and continue to paste the lines into the box in turn and follow the above procedure every time, after the last line has been pasted let it reboot

Nellie2 - thanks for writing back - I'm obligated to be elsewhere for the next few hours, so I don't have time to take the next steps on the computer recovery - but I will be sure to let you know what happens when I do - hasta pronto - Wally

Run the disk cleanup utility and check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.

Here are some suggestions to reduce the potential for spyware infection in the future. I strongly recommend installing the following :

Spyware Blaster - It will prevent most spyware from ever being installed.
Spyware Guard - It offers realtime protection from spyware installation attempts.
IE-Spyad - IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
I also recommend reading this article written by Tony Klein How did I get infected in the first place

Nellie2 - I've been totally overwhelmed with *non-computer* aspects of my life for the last day, but I hope to try the next steps later this evening. Thanks for the help so far, and I promise to let you know how things go. (There's already a marked improvement.) Bis spater, Wally

Nellie2 - sorry for the several-day lapse in communication; I got caught up in Easter/family activities - my computer is basically working fine for internet access, although I still get the occasional pop-up, it is much, much, better than before. A nagging concern is that I still can't open up Word or Excel. I get the error message "Norton Antivirus 2005 does not support the repair feature, please uninstall and reinstall". I don't know if Norton is running at all. Any thoughts? Thanks again for your across-the-ocean assistance - Wally

Nellie2 - sorry to say I had no luck with getting Norton to do *anything*. When I try to start Norton Antivirus, (Start/Programs . . . ) I left-click on Norton Antivirus and the screen listing the Norton products goes away. About 30 seconds later I get a box saying Symantec Integrator has encountered a problem and needs to close. I went on to try to uninstall and reinstall the whole Norton Internet Security package, (Add/Remove programs . . . ), which didn't work either. Following the Symantec documentation, I checked to see that the Internet Explorer default security settings were on; they were, then proceeded per their instructions to attempt to reinstall Microsoft Windows Script 5.6, which (sadly) also didn't work. For what it's worth, I have AdWatch running again, and every few minutes I get the following warning of an attempt to add a registry value:
ROOT: HKEY_CURRENT_USER
KEY: Software\Microsoft\Windows\CurrentVersion\Run
VALUE: mciavi32
DATA:
NEW DATA: C:\WINDOWS\System32\mciavi32.exe
I keep blocking it just because I don't know any better.
This is all starting to feel a bit, for lack of a better expression, "Kafkaesque."
Thank you for your continued patience. Is there anything left to try?
- Wally

Nellie2 - I will give that all a try, though I'm going to be out of town for the next few days, so I may not be getting back to you for a while. Couple of more questions, though, while I'm thinking about it. 1) I have various other anti-spyware entities running - should I disable all of that while getting Norton back on track? Do they work at cross-purposes to one another? Is there any one integrated program which will give me complete coverage? 2) Would you expect my problems with Word and Excel to disappear once Norton is running properly? (I got the impression that each of those programs was waiting for a virus-scan from Norton and didn't get it and therefore refused to open. Plausible?)
3) Do you have an opinion on the Adwatch warning I mentioned in my previous post? I find it confusing to get such warnings, and seemingly
have no way of knowing if the change I'm being warned about would be good or bad for me and my computer. Muchas gracias for sticking with me and my travails - Wally

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.